Reference : Modeling Data Protection and Privacy: Application and Experience with GDPR |
Scientific journals : Article | |||
Engineering, computing & technology : Computer science | |||
Security, Reliability and Trust | |||
http://hdl.handle.net/10993/48170 | |||
Modeling Data Protection and Privacy: Application and Experience with GDPR | |
English | |
Torre, Damiano [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV >] | |
Alferez, Mauricio [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV >] | |
Soltana, Ghanem [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >] | |
Sabetzadeh, Mehrdad [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV >] | |
Briand, Lionel ![]() | |
In press | |
Software and Systems Modeling | |
Springer | |
Yes (verified by ORBilu) | |
International | |
1619-1366 | |
1619-1374 | |
Germany | |
[en] GDPR ; regulatory compliance | |
[en] In Europe and indeed worldwide, the Gen-
eral Data Protection Regulation (GDPR) provides pro- tection to individuals regarding their personal data in the face of new technological developments. GDPR is widely viewed as the benchmark for data protection and privacy regulations that harmonizes data privacy laws across Europe. Although the GDPR is highly ben- e cial to individuals, it presents signi cant challenges for organizations monitoring or storing personal infor- mation. Since there is currently no automated solution with broad industrial applicability, organizations have no choice but to carry out expensive manual audits to ensure GDPR compliance. In this paper, we present a complete GDPR UML model as a rst step towards de- signing automated methods for checking GDPR compli- ance. Given that the practical application of the GDPR is infuenced by national laws of the EU Member States,we suggest a two-tiered description of the GDPR, generic and specialized. In this paper, we provide (1) the GDPR conceptual model we developed with complete trace- ability from its classes to the GDPR, (2) a glossary to help understand the model, (3) the plain-English de- scription of 35 compliance rules derived from GDPR along with their encoding in OCL, and (4) the set of 20 variations points derived from GDPR to specialize the generic model. We further present the challenges we faced in our modeling endeavor, the lessons we learned from it, and future directions for research. | |
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Software Verification and Validation Lab (SVV Lab) | |
Fonds National de la Recherche - FnR | |
IMOREF | |
Researchers ; Professionals | |
http://hdl.handle.net/10993/48170 |
File(s) associated to this reference | ||||||||||||||
Fulltext file(s):
| ||||||||||||||
All documents in ORBilu are protected by a user license.